Computers and computer networks serve communication and record-keeping functions in almost all modern businesses and other enterprises. The ability to communicate using a computer network and the information stored on that network may be extremely valuable to the company or other entity that operates the network. With the advent of the Internet, to which most other computer networks are connected, the ability to communicate and access data has become a global affair.
Unfortunately, computer networks are also subject to malicious attacks. In some instances, a network may be attacked with the intent to destroy the records kept on the network. Other attacks may be aimed at interrupting communication with, or within, the network. Some attacks may be for the purpose of illicitly obtaining information, rather than an attempt to explicitly harm or disrupt the network. In any event, it becomes necessary for network operators to take whatever measures are available to prevent or neutralize attacks of any nature upon their network.
One such system for addressing attacks on a computer network is an Intrusion Detection System (IDS). The basic function of an IDS is to record signs of intruders at work and to give alerts to network operators.
An IDS typically looks for signs of an attack on a network by comparing network traffic with the signatures of known attacks. Using signature recognition, the IDS examines each packet for a programmed match of known attack patterns. For example, the string “/cgi-bin/phf?” coming into a network can trigger an alarm that someone may be looking for a vulnerable CGI script on a web server. Most commercial IDSs are signature-based, having several hundred signatures available for selection in a database. The system then monitors incoming network traffic for the selected signatures that are indicative of an attack.
Intrusion Detection Systems to date have used software algorithms for performing the signature detection function. Although signature detection is not algorithmically complex, it is computationally intensive. As a result of both increasing data rates and increasing numbers of signatures, software-based Intrusion Detection Systems are failing to keep up with the state of the art in network transmission technology.
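The following Python program is an added illustration, not part of the original text, of the signature matching the two preceding paragraphs describe: a table of byte-string signatures is loaded into a multi-pattern automaton (Aho-Corasick), each packet payload is scanned once, and every hit is reported with its offset and alert name. A per-signature search is included for comparison, because it is the form whose cost grows with the number of signatures, which is the scaling problem the previous paragraph raises. The only signature taken from the text is "/cgi-bin/phf?"; the other two signatures, the alert names and all packet payloads are constructed for the example.

```python
"""Signature-based packet scanning, demonstrated with a multi-pattern automaton.

Added example; not code from the original text. Signatures other than the
"/cgi-bin/phf?" string quoted above, and all packet payloads, are constructed.
"""
from collections import deque

# Constructed signature table: pattern bytes -> alert name.
SIGNATURES = {
    b"/cgi-bin/phf?": "CGI phf probe",          # string quoted in the text
    b"/cgi-bin/test-cgi": "CGI test-cgi probe",  # assumed for illustration
    b"../../../etc/passwd": "directory traversal",  # assumed for illustration
}

# Constructed sample payloads standing in for captured packets.
PACKETS = [
    b"GET /cgi-bin/phf?Qalias=x HTTP/1.0\r\n",
    b"GET /index.html HTTP/1.0\r\n",
    b"GET /cgi-bin/phf?../../../etc/passwd HTTP/1.0\r\n",
]


class SignatureMatcher:
    """Aho-Corasick automaton built once from the signature table.

    Scanning then costs one automaton step per payload byte (plus bounded
    failure transitions) no matter how many signatures are loaded.
    """

    def __init__(self, signatures):
        self.signatures = dict(signatures)
        self.goto = [{}]   # state -> {byte: next state}
        self.fail = [0]    # state -> state to fall back to on a mismatch
        self.out = [[]]    # state -> patterns that end in this state
        # Build the trie of all signatures.
        for pat in self.signatures:
            state = 0
            for b in pat:
                nxt = self.goto[state].get(b)
                if nxt is None:
                    self.goto.append({})
                    self.fail.append(0)
                    self.out.append([])
                    nxt = len(self.goto) - 1
                    self.goto[state][b] = nxt
                state = nxt
            self.out[state].append(pat)
        # Breadth-first pass assigns failure links and inherits their outputs,
        # so overlapping signatures are all reported.
        queue = deque(self.goto[0].values())
        while queue:
            r = queue.popleft()
            for b, s in self.goto[r].items():
                queue.append(s)
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                self.out[s].extend(self.out[self.fail[s]])

    def scan(self, payload):
        """Return sorted (offset, alert name) pairs for every signature hit."""
        matches = []
        state = 0
        for i, b in enumerate(payload):
            while state and b not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(b, 0)
            for pat in self.out[state]:
                matches.append((i - len(pat) + 1, self.signatures[pat]))
        return sorted(matches)


def naive_scan(signatures, payload):
    """Per-signature search: the payload is rescanned once per signature,
    so work grows linearly with the size of the signature table."""
    matches = []
    for pat, name in signatures.items():
        start = 0
        while True:
            i = payload.find(pat, start)
            if i < 0:
                break
            matches.append((i, name))
            start = i + 1
    return sorted(matches)


def inspect_packets(packets, matcher):
    """Scan each packet; return (packet index, offset, alert name) triples."""
    alerts = []
    for n, payload in enumerate(packets):
        for offset, name in matcher.scan(payload):
            alerts.append((n, offset, name))
    return alerts


if __name__ == "__main__":
    matcher = SignatureMatcher(SIGNATURES)
    for n, offset, name in inspect_packets(PACKETS, matcher):
        print(f"packet {n}: {name} at offset {offset}")
```

Both scanners report the same alerts; the difference is that the automaton's per-byte work is fixed at load time, whereas the naive loop touches the whole payload once for each signature, which is the cost that rises with "increasing numbers of signatures" at higher data rates.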
Because of the importance of protecting computer networks and the data they contain, there is a need for improved intrusion detection systems.